{"dataType":"CVE_RECORD","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2026-50766","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2026-06-26T21:37:56.281Z","dateReserved":"2026-06-07T00:00:00.000Z","datePublished":"2026-06-26T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2026-06-26T21:37:56.281Z"},"descriptions":[{"lang":"en","value":"A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System through 25.11 allows an authenticated remote attacker with the edit_items permission to inject arbitrary web script via the item public notes field (items.itemnotes); the injected content is stored with the item and rendered to users who view that item's detail page in the OPAC."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"http://koha.com"},{"url":"https://lgnas.gitbook.io/findings/cve-2026-50766"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}]}},"dataVersion":"5.2"}